Start of check program for TLS implementations.
79a37326
MS
1/*
2 * "$Id$"
3 *
4 * TLS check program for CUPS.
5 *
6 * Copyright 2007-2015 by Apple Inc.
7 * Copyright 1997-2006 by Easy Software Products.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * This file is subject to the Apple OS-Developed Software exception.
16 */
17
18/*
19 * Include necessary headers...
20 */
21
22#include "cups-private.h"
23
24
25/*
26 * 'main()' - Main entry.
27 */
28
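/*
 * Connects to "server [port]" with encryption required, then (on Apple
 * platforms only) inspects the negotiated cipher suite and the Diffie-Hellman
 * parameters.  Prints one "<server>: OK (...)" or "<server>: ERROR (...)"
 * line and returns 0 on OK, 1 on any error or usage problem.
 *
 * On non-Apple builds only the connection itself is checked and the cipher
 * name is reported as "UNKNOWN".
 */

int					/* O - Exit status */
main(int  argc,				/* I - Number of command-line arguments */
     char *argv[])			/* I - Command-line arguments */
{
  http_t	*http;			/* HTTP connection */
  const char	*server;		/* Hostname from command-line */
  int		port = 631;		/* Port number */
  const char	*cipherName = "UNKNOWN";/* Cipher suite name */


  if (argc < 2 || argc > 3)
  {
    puts("Usage: ./tlscheck server [port]");
    puts("");
    puts("The default port is 631.");
    return (1);
  }

 /*
  * Only read argv[1] once the argument count has been validated...
  */

  server = argv[1];

  if (argc == 3)
  {
   /*
    * Reject non-numeric, trailing-garbage, and out-of-range ports instead of
    * silently connecting to whatever atoi() would have produced.  A strtol()
    * overflow yields LONG_MIN/LONG_MAX, which the range test also rejects.
    */

    char	*end;			/* End of parsed number */
    long	value = strtol(argv[2], &end, 10);
					/* Parsed port number */

    if (end == argv[2] || *end != '\0' || value < 1 || value > 65535)
    {
      printf("%s: ERROR (Bad port number \"%s\")\n", server, argv[2]);
      return (1);
    }

    port = (int)value;
  }

  http = httpConnect2(server, port, NULL, AF_UNSPEC, HTTP_ENCRYPTION_ALWAYS, 1, 30000, NULL);
  if (!http)
  {
    printf("%s: ERROR (%s)\n", server, cupsLastErrorString());
    return (1);
  }

#ifdef __APPLE__
 /*
  * Known cipher suites: printable name, whether Diffie-Hellman parameters
  * must be retrievable for the suite, and whether the suite uses RC4.
  */

  static const struct
  {
    SSLCipherSuite	suite;		/* Cipher suite value */
    const char		*name;		/* Printable name */
    int			needsParams;	/* 1 if DH parameters are required */
    int			usesRC4;	/* 1 if the suite uses RC4 */
  }		suites[] =
  {
    { TLS_NULL_WITH_NULL_NULL,			"TLS_NULL_WITH_NULL_NULL",			0, 0 },
    { TLS_RSA_WITH_NULL_MD5,			"TLS_RSA_WITH_NULL_MD5",			0, 0 },
    { TLS_RSA_WITH_NULL_SHA,			"TLS_RSA_WITH_NULL_SHA",			0, 0 },
    { TLS_RSA_WITH_RC4_128_MD5,			"TLS_RSA_WITH_RC4_128_MD5",			0, 1 },
    { TLS_RSA_WITH_RC4_128_SHA,			"TLS_RSA_WITH_RC4_128_SHA",			0, 1 },
    { TLS_RSA_WITH_3DES_EDE_CBC_SHA,		"TLS_RSA_WITH_3DES_EDE_CBC_SHA",		0, 0 },
    { TLS_RSA_WITH_NULL_SHA256,			"TLS_RSA_WITH_NULL_SHA256",			0, 0 },
    { TLS_RSA_WITH_AES_128_CBC_SHA256,		"TLS_RSA_WITH_AES_128_CBC_SHA256",		0, 0 },
    { TLS_RSA_WITH_AES_256_CBC_SHA256,		"TLS_RSA_WITH_AES_256_CBC_SHA256",		0, 0 },
    { TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,		"TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",		1, 0 },
    { TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,		"TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",		1, 0 },
    { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,	"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",		1, 0 },
    { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,	"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",		1, 0 },
    { TLS_DH_DSS_WITH_AES_128_CBC_SHA256,	"TLS_DH_DSS_WITH_AES_128_CBC_SHA256",		1, 0 },
    { TLS_DH_RSA_WITH_AES_128_CBC_SHA256,	"TLS_DH_RSA_WITH_AES_128_CBC_SHA256",		1, 0 },
    { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,	"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",		1, 0 },
    { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,	"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",		1, 0 },
    { TLS_DH_DSS_WITH_AES_256_CBC_SHA256,	"TLS_DH_DSS_WITH_AES_256_CBC_SHA256",		1, 0 },
    { TLS_DH_RSA_WITH_AES_256_CBC_SHA256,	"TLS_DH_RSA_WITH_AES_256_CBC_SHA256",		1, 0 },
    { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,	"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",		1, 0 },
    { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,	"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",		1, 0 },
    { TLS_DH_anon_WITH_RC4_128_MD5,		"TLS_DH_anon_WITH_RC4_128_MD5",			1, 1 },
    { TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,	"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",		1, 0 },
    { TLS_DH_anon_WITH_AES_128_CBC_SHA256,	"TLS_DH_anon_WITH_AES_128_CBC_SHA256",		1, 0 },
    { TLS_DH_anon_WITH_AES_256_CBC_SHA256,	"TLS_DH_anon_WITH_AES_256_CBC_SHA256",		1, 0 },
    { TLS_PSK_WITH_RC4_128_SHA,			"TLS_PSK_WITH_RC4_128_SHA",			0, 1 },
    { TLS_PSK_WITH_3DES_EDE_CBC_SHA,		"TLS_PSK_WITH_3DES_EDE_CBC_SHA",		0, 0 },
    { TLS_PSK_WITH_AES_128_CBC_SHA,		"TLS_PSK_WITH_AES_128_CBC_SHA",			0, 0 },
    { TLS_PSK_WITH_AES_256_CBC_SHA,		"TLS_PSK_WITH_AES_256_CBC_SHA",			0, 0 },
    { TLS_DHE_PSK_WITH_RC4_128_SHA,		"TLS_DHE_PSK_WITH_RC4_128_SHA",			1, 1 },
    { TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,	"TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",		1, 0 },
    { TLS_DHE_PSK_WITH_AES_128_CBC_SHA,		"TLS_DHE_PSK_WITH_AES_128_CBC_SHA",		1, 0 },
    { TLS_DHE_PSK_WITH_AES_256_CBC_SHA,		"TLS_DHE_PSK_WITH_AES_256_CBC_SHA",		1, 0 },
    { TLS_RSA_PSK_WITH_RC4_128_SHA,		"TLS_RSA_PSK_WITH_RC4_128_SHA",			0, 1 },
    { TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,	"TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",		0, 0 },
    { TLS_RSA_PSK_WITH_AES_128_CBC_SHA,		"TLS_RSA_PSK_WITH_AES_128_CBC_SHA",		0, 0 },
    { TLS_RSA_PSK_WITH_AES_256_CBC_SHA,		"TLS_RSA_PSK_WITH_AES_256_CBC_SHA",		0, 0 },
    { TLS_PSK_WITH_NULL_SHA,			"TLS_PSK_WITH_NULL_SHA",			0, 0 },
    { TLS_DHE_PSK_WITH_NULL_SHA,		"TLS_DHE_PSK_WITH_NULL_SHA",			1, 0 },
    { TLS_RSA_PSK_WITH_NULL_SHA,		"TLS_RSA_PSK_WITH_NULL_SHA",			0, 0 },
    { TLS_RSA_WITH_AES_128_GCM_SHA256,		"TLS_RSA_WITH_AES_128_GCM_SHA256",		0, 0 },
    { TLS_RSA_WITH_AES_256_GCM_SHA384,		"TLS_RSA_WITH_AES_256_GCM_SHA384",		0, 0 },
    { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,	"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",		1, 0 },
    { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,	"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",		1, 0 },
    { TLS_DH_RSA_WITH_AES_128_GCM_SHA256,	"TLS_DH_RSA_WITH_AES_128_GCM_SHA256",		1, 0 },
    { TLS_DH_RSA_WITH_AES_256_GCM_SHA384,	"TLS_DH_RSA_WITH_AES_256_GCM_SHA384",		1, 0 },
    { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,	"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",		1, 0 },
    { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,	"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",		1, 0 },
    { TLS_DH_DSS_WITH_AES_128_GCM_SHA256,	"TLS_DH_DSS_WITH_AES_128_GCM_SHA256",		1, 0 },
    { TLS_DH_DSS_WITH_AES_256_GCM_SHA384,	"TLS_DH_DSS_WITH_AES_256_GCM_SHA384",		1, 0 },
    { TLS_DH_anon_WITH_AES_128_GCM_SHA256,	"TLS_DH_anon_WITH_AES_128_GCM_SHA256",		1, 0 },
    { TLS_DH_anon_WITH_AES_256_GCM_SHA384,	"TLS_DH_anon_WITH_AES_256_GCM_SHA384",		1, 0 },
    { TLS_PSK_WITH_AES_128_GCM_SHA256,		"TLS_PSK_WITH_AES_128_GCM_SHA256",		0, 0 },
    { TLS_PSK_WITH_AES_256_GCM_SHA384,		"TLS_PSK_WITH_AES_256_GCM_SHA384",		0, 0 },
    { TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,	"TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",		1, 0 },
    { TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,	"TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",		1, 0 },
    { TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,	"TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",		0, 0 },
    { TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,	"TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",		0, 0 },
    { TLS_PSK_WITH_AES_128_CBC_SHA256,		"TLS_PSK_WITH_AES_128_CBC_SHA256",		0, 0 },
    { TLS_PSK_WITH_AES_256_CBC_SHA384,		"TLS_PSK_WITH_AES_256_CBC_SHA384",		0, 0 },
    { TLS_PSK_WITH_NULL_SHA256,			"TLS_PSK_WITH_NULL_SHA256",			0, 0 },
    { TLS_PSK_WITH_NULL_SHA384,			"TLS_PSK_WITH_NULL_SHA384",			0, 0 },
    { TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,	"TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",		1, 0 },
    { TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,	"TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",		1, 0 },
    { TLS_DHE_PSK_WITH_NULL_SHA256,		"TLS_DHE_PSK_WITH_NULL_SHA256",			1, 0 },
    { TLS_DHE_PSK_WITH_NULL_SHA384,		"TLS_DHE_PSK_WITH_NULL_SHA384",			1, 0 },
    { TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,	"TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",		0, 0 },
    { TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,	"TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",		0, 0 },
    { TLS_RSA_PSK_WITH_NULL_SHA256,		"TLS_RSA_PSK_WITH_NULL_SHA256",			0, 0 },
    { TLS_RSA_PSK_WITH_NULL_SHA384,		"TLS_RSA_PSK_WITH_NULL_SHA384",			0, 0 },
    { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",	1, 0 },
    { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",	1, 0 },
    { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,	"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",	1, 0 },
    { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,	"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",	1, 0 },
    { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",	1, 0 },
    { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",	1, 0 },
    { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,	"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",		1, 0 },
    { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,	"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",		1, 0 },
    { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",	1, 0 },
    { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",	1, 0 },
    { TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,	"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",	1, 0 },
    { TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,	"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",	1, 0 },
    { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",	1, 0 },
    { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",	1, 0 },
    { TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,	"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",		1, 0 },
    { TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,	"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",		1, 0 }
  };
  SSLCipherSuite cipher;		/* Negotiated cipher suite */
  char		unknownCipherName[256];	/* Name buffer for unlisted suites */
  int		paramsNeeded = 0;	/* 1 if DH parameters are required */
  int		usesRC4 = 0;		/* 1 if the negotiated suite uses RC4 */
  const void	*params = NULL;		/* Diffie-Hellman parameters */
  size_t	paramsLen = 0;		/* Length of parameters in bytes */
  size_t	i;			/* Looping var */
  OSStatus	err;			/* Status from Secure Transport */


  if ((err = SSLGetNegotiatedCipher(http->tls, &cipher)) != noErr)
  {
    printf("%s: ERROR (No cipher suite - %d)\n", server, (int)err);
    httpClose(http);
    return (1);
  }

 /*
  * Map the negotiated suite to its name and flags; suites that are not in
  * the table are reported by their hexadecimal value.
  */

  for (i = 0; i < (sizeof(suites) / sizeof(suites[0])); i ++)
  {
    if (suites[i].suite == cipher)
    {
      cipherName   = suites[i].name;
      paramsNeeded = suites[i].needsParams;
      usesRC4      = suites[i].usesRC4;
      break;
    }
  }

  if (i >= (sizeof(suites) / sizeof(suites[0])))
  {
    snprintf(unknownCipherName, sizeof(unknownCipherName), "UNKNOWN_%04X", (unsigned)cipher);
    cipherName = unknownCipherName;
  }

 /*
  * Fail on every RC4 suite in the table, not just the two RSA key exchange
  * variants, since the DH_anon/PSK RC4 suites use the same stream cipher.
  *
  * NOTE(review): suites with NULL encryption and the DH_anon suites are
  * named above but are still reported as OK - decide whether this check
  * program should fail them as well.
  */

  if (usesRC4)
  {
    printf("%s: ERROR (Insecure RC4 negotiated)\n", server);
    httpClose(http);
    return (1);
  }

 /*
  * Only look at paramsLen when the call succeeded; previously a failed call
  * for a suite that does not need parameters left paramsLen uninitialized
  * and the size test below read an indeterminate value.
  */

  if ((err = SSLGetDiffieHellmanParams(http->tls, &params, &paramsLen)) != noErr)
  {
    if (paramsNeeded)
    {
      printf("%s: ERROR (Unable to get Diffie Hellman parameters - %d)\n", server, (int)err);
      httpClose(http);
      return (1);
    }
  }
  else if (paramsLen < 128 && paramsLen != 0)
  {
   /*
    * Fewer than 128 bytes (1024 bits) of parameters is treated as too weak;
    * a length of 0 is treated as "no parameters" and is not an error.
    */

    printf("%s: ERROR (Diffie Hellman parameters only %d bytes/%d bits)\n", server, (int)paramsLen, (int)paramsLen * 8);
    httpClose(http);
    return (1);
  }
#endif /* __APPLE__ */

  printf("%s: OK (%s)\n", server, cipherName);

  httpClose(http);

  return (0);
}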
420
421
422/*
423 * End of "$Id$".
424 */